Upstream information

CVE-2018-17141 at MITRE

Description

HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having critical severity.

CVSS v3 Scores (SUSE)

  Base Score: 9
  Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
  Access Vector: Network
  Access Complexity: High
  Privileges Required: None
  User Interaction: None
  Scope: Changed
  Confidentiality Impact: High
  Integrity Impact: High
  Availability Impact: High

SUSE Bugzilla entry: 1109084 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product: openSUSE Leap 15.0
Fixed package version(s):
  • hylafax+ >= 5.6.1-lp150.5.6.1
  • hylafax+-client >= 5.6.1-lp150.5.6.1
  • hylafax+-client-debuginfo >= 5.6.1-lp150.5.6.1
  • hylafax+-debuginfo >= 5.6.1-lp150.5.6.1
  • hylafax+-debugsource >= 5.6.1-lp150.5.6.1
  • libfaxutil5_6_1 >= 5.6.1-lp150.5.6.1
  • libfaxutil5_6_1-debuginfo >= 5.6.1-lp150.5.6.1
References:
  Patchnames: openSUSE-2018-1027

Product: openSUSE Leap 42.3
Fixed package version(s):
  • hylafax+ >= 5.6.1-15.1
  • hylafax+-client >= 5.6.1-15.1
  • hylafax+-client-debuginfo >= 5.6.1-15.1
  • hylafax+-debuginfo >= 5.6.1-15.1
  • hylafax+-debugsource >= 5.6.1-15.1
  • libfaxutil5_6_1 >= 5.6.1-15.1
  • libfaxutil5_6_1-debuginfo >= 5.6.1-15.1
References:
  Patchnames: openSUSE-2018-1027